workspace/skills/nvd-cve/SKILL.md
Search the National Vulnerability Database for CVEs - find vulnerabilities by keyword or ID, get CVSS scores, weaknesses, affected configurations, and remediation references. Use when looking up a CVE, scanning for vulnerabilities, running a security audit, or checking if a software version has known exploits.
npx skillsauth add automateyournetwork/netclaw nvd-cve
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
get_cve — Look Up a Specific CVE by ID
NVD_API_KEY=$NVD_API_KEY python3 $MCP_CALL "python3 -u $NVD_MCP_SCRIPT" get_cve '{"cve_id":"CVE-2023-20198"}'
Parameters:
cve_id (required): The CVE identifier, e.g., CVE-2023-20198
concise (optional, default false): Set true for brief output (ID, description, CVSS score only)
Returns: Full CVE details including:
search_cve — Search CVEs by Keyword
NVD_API_KEY=$NVD_API_KEY python3 $MCP_CALL "python3 -u $NVD_MCP_SCRIPT" search_cve '{"keyword":"Cisco IOS XE 17.9"}'
Parameters:
keyword (required): Search term, e.g., "Cisco IOS XE", "NX-OS 10.2", "OpenSSL 3.0"
exact_match (optional, default false): Require exact keyword match
concise (optional, default false): Brief output per CVE
results (optional, default 10): Number of results to return (max 2000)
Returns: List of matching CVEs with full details, plus total count.
When show version reveals the IOS-XE/NX-OS version, search NVD for known CVEs.
From a device health check, extract the software version (e.g., IOS-XE 17.9.4a).
NVD_API_KEY=$NVD_API_KEY python3 $MCP_CALL "python3 -u $NVD_MCP_SCRIPT" search_cve '{"keyword":"Cisco IOS XE 17.9.4","results":20}'
For each CVE with CVSS >= 7.0, pull full details:
NVD_API_KEY=$NVD_API_KEY python3 $MCP_CALL "python3 -u $NVD_MCP_SCRIPT" get_cve '{"cve_id":"CVE-2023-20198"}'
Cross-reference CVE requirements against the device running config:
| CVE | Requires | Running Config | Exposed? |
|-----|----------|---------------|----------|
| CVE-2023-20198 | HTTP/HTTPS server enabled | ip http server present | YES |
| CVE-2023-20273 | Web UI accessible | ip http secure-server + no ACL | YES |
| CVE-2024-XXXXX | OSPF enabled | router ospf 1 present | YES |
Vulnerability Audit — YYYY-MM-DD
Device: R1 | IOS-XE 17.9.4a
CRITICAL (CVSS >= 9.0):
CVE-2023-20198 (CVSS 10.0) — IOS-XE Web UI privilege escalation
Exposure: CONFIRMED — ip http server enabled
Remediation: Upgrade to 17.9.4a+ or disable ip http server
HIGH (CVSS >= 7.0):
CVE-2023-20273 (CVSS 7.2) — Web UI command injection
Exposure: CONFIRMED — ip http secure-server, no ACL
Remediation: Apply access-class to HTTP server or upgrade
MEDIUM (CVSS >= 4.0):
[none found]
Summary: 2 CRITICAL (2 exposed), 0 HIGH, 0 MEDIUM
When auditing specific features, search for feature-specific CVEs:
# SNMP vulnerabilities
NVD_API_KEY=$NVD_API_KEY python3 $MCP_CALL "python3 -u $NVD_MCP_SCRIPT" search_cve '{"keyword":"Cisco SNMP remote code execution","results":10}'
# BGP vulnerabilities
NVD_API_KEY=$NVD_API_KEY python3 $MCP_CALL "python3 -u $NVD_MCP_SCRIPT" search_cve '{"keyword":"Cisco BGP denial of service","results":10}'
# SSH vulnerabilities
NVD_API_KEY=$NVD_API_KEY python3 $MCP_CALL "python3 -u $NVD_MCP_SCRIPT" search_cve '{"keyword":"Cisco IOS SSH vulnerability","results":10}'
| CVSS Score | Severity | Action Timeline |
|-----------|----------|-----------------|
| 9.0 - 10.0 | CRITICAL | Immediate remediation required |
| 7.0 - 8.9 | HIGH | Remediate within 1 change window |
| 4.0 - 6.9 | MEDIUM | Remediate in next maintenance window |
| 0.1 - 3.9 | LOW | Document and track |
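The cross-reference step and the severity table above, combined into one script. This is an added example, not part of the original skill: the record fields (`id`, `cvss`), the rule functions, the 7.5 score on the placeholder CVE and the sample config are all constructed for illustration.

```python
import re

# Severity bands and action timelines, taken from the table above.
BANDS = [(9.0, "CRITICAL", "Immediate remediation required"),
         (7.0, "HIGH", "Remediate within 1 change window"),
         (4.0, "MEDIUM", "Remediate in next maintenance window"),
         (0.1, "LOW", "Document and track")]

def severity(score):
    for floor, name, action in BANDS:
        if score >= floor:
            return name, action
    return "NONE", "No action"

def config_lines(running_config):
    # Compare whole normalised lines so "no ip http server" can never
    # satisfy a check for "ip http server".
    return {re.sub(r"\s+", " ", l.strip()) for l in running_config.splitlines() if l.strip()}

def http_enabled(cfg):
    return "ip http server" in cfg or "ip http secure-server" in cfg

def webui_no_acl(cfg):
    return http_enabled(cfg) and not any(l.startswith("ip http access-class") for l in cfg)

def ospf_enabled(cfg):
    return any(re.match(r"router ospf \d+", l) for l in cfg)

# Hypothetical rule map mirroring the "Requires" column of the table above.
RULES = {"CVE-2023-20198": http_enabled,
         "CVE-2023-20273": webui_no_acl,
         "CVE-2024-XXXXX": ospf_enabled}  # placeholder ID, as on the page

def audit(cves, running_config, min_score=7.0):
    cfg = config_lines(running_config)
    findings = []
    for cve in (c for c in cves if c["cvss"] >= min_score):
        name, action = severity(cve["cvss"])
        rule = RULES.get(cve["id"])
        # A CVE without a rule is UNKNOWN, never silently "not exposed".
        exposed = "UNKNOWN" if rule is None else ("YES" if rule(cfg) else "NO")
        findings.append((cve["id"], cve["cvss"], name, exposed, action))
    return sorted(findings, key=lambda f: -f[1])

# Constructed sample input (not real NVD output or a real device config).
SAMPLE_CVES = [{"id": "CVE-2023-20273", "cvss": 7.2},
               {"id": "CVE-2023-20198", "cvss": 10.0},
               {"id": "CVE-2024-XXXXX", "cvss": 7.5}]
SAMPLE_CONFIG = "hostname R1\nip http server\nip http secure-server\n"

if __name__ == "__main__":
    for row in audit(SAMPLE_CVES, SAMPLE_CONFIG):
        print("%-16s %4.1f %-8s exposed=%-7s %s" % row)
```

A CVE that has no rule is reported as UNKNOWN so it is triaged by hand rather than dropped from the report.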
Run version discovery across all devices, then batch-search NVD for each unique version:
# Step 1: Get version from each device
PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show version"}'
# Step 2: Search NVD for each unique version found
NVD_API_KEY=$NVD_API_KEY python3 $MCP_CALL "python3 -u $NVD_MCP_SCRIPT" search_cve '{"keyword":"Cisco IOS XE 17.9.4","results":20,"concise":true}'
Produce a fleet vulnerability matrix:
┌──────────┬───────────────────┬──────────┬──────┬──────┬────────┐
│ Device   │ Software Version  │ CRITICAL │ HIGH │ MED  │ Action │
├──────────┼───────────────────┼──────────┼──────┼──────┼────────┤
│ R1       │ IOS-XE 17.9.4a    │ 2        │ 3    │ 5    │ URGENT │
│ R2       │ IOS-XE 17.12.1    │ 0        │ 1    │ 2    │ PLAN   │
│ SW1      │ IOS-XE 16.12.4    │ 5        │ 8    │ 12   │ URGENT │
└──────────┴───────────────────┴──────────┴──────┴──────┴────────┘
Record vulnerability scans in GAIT:
python3 $MCP_CALL "python3 -u $GAIT_MCP_SCRIPT" gait_record_turn '{"input":{"role":"assistant","content":"NVD vulnerability scan on R1 (IOS-XE 17.9.4a): 2 CRITICAL (CVE-2023-20198, CVE-2023-20273), 3 HIGH, 5 MEDIUM. Both CRITICAL CVEs confirmed exposed via running config analysis.","artifacts":[]}}'